CVE-2015-7942: Improper Restriction of Operations within the Bounds of a Memory Buffer

November 18, 2015 (updated March 8, 2019)

The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.

References

nvd.nist.gov/vuln/detail/CVE-2015-7942

Code Behaviors & Features

Detect and mitigate CVE-2015-7942 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →